I built a SoYou server using a ssh key on the install. Thus no root password issued and crucially, nor did I remember to set one and make a note of it. My fault.

All was fine... on a routine update, I lost ssh access. This was Monday. The server is a backup node so actually, I just rebuilt it. While figuring out the how something else I wondered on how it happened, I think I sussed it.

The centmin sshd_config template seems to have authorized_keys specified. The new build on soyou (cent7) creates an authorized_keys2 file. QED on the restart of sshd, the authorized_keys2 isn't going to be checked. I don't tend to change my ports, instead I add CSF to block everything except via ssh bastions/jumps, hence I didn't change the sshd config initally.

It might be something else, I'm making 2+1 equal 4 here. I didn't have the root pw so the box was as good as dead. I didn't have the time to ask soyou to reset the root, if it's something they can even do.

The $HOME/.ssh/authorized_keys file lists the RSA keys that are permitted for RSA authentication in SSH protocols 1.3 and 1.5 Similarly, the $HOME/.ssh/authorized_keys2 file lists the DSA and RSA keys that are permitted for public key authentication (PubkeyAuthentication) in SSH protocol 2.0.

The release announcement for version 3 states that authorized_keys2 is deprecated and all keys should be put in the authorized_keys file.

grep _keys /etc/ssh/sshd_config
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys